Ubuntu has a bigger problem than its Amazon blunder

There are many things that comprise a successful Linux distribution, but there may be none more important than trust. Before you build a production Linux system, you have to trust that the distribution isn’t going to contain malicious code or back doors or any number of other potentially major problems. Since the advent of Linux, this really hasn’t been an issue.

In the rare occasions that backdoors or spyware have been injected into a particular Linux distribution, the nature of the open source community is such that it has been discovered and patched quickly. But we’re talking about clandestine operations here, such as a bad actor unrelated to the distribution getting access to the source tree and injecting their bad code in the mix.

But what if the distribution does this on purpose? What if, by hook or by crook, a popular, successful distro released a new version that contained code that exposed much more information to third parties than a user would like, while simultaneously claiming that it’s a nonissue? Canonical has run right into this wall, and the collision has been ugly.

The latest Ubuntu 12.10 beta includes a new feature in the Unity Dash that incorporates Amazon searches. This might sound a little odd, but it was meant to be innocuous, even helpful to the user, while generating referral cash for Ubuntu. Essentially, when performing searches through the Dash, this new widget adds “More Suggestions” to the search results, using information gleaned by searching Amazon.com’s vast online shopping catalog.

This means that if you’re looking for an MP3 you purchased or ripped, you will be presented with the search matches from your local system, but also with matches from Amazon, such as a link to purchase that same MP3. While the need to query Amazon for every file system search is dubious at best, to the casual observer it may seem somewhat innocuous. It’s just a search after all, and Canonical claims that it proxies all of the searches so that Amazon cannot link a specific user or IP address with the search terms or results. Again, that sounds like a nonissue.

The problem is that this was a bad idea backed up by horrible design and execution. Etienne Perot goes into deep detail on why this is so, but I’ll summarize here.

When you use this new feature of the Dash, your query terms are sent to a server run by Canonical that then proxies the search to Amazon, which returns the results. However, none of those communications are encrypted; they’re just plainly visible queries. Further, this is completely at odds with what Ubuntu founder Mark Shuttleworth says on the matter: “We are not telling Amazon what you are searching for. Your anonymity is preserved because we handle the query on your behalf.” While some of the second part of his statement is true, the first is not. They are definitely passing your query terms on to Amazon; they’re just masking the originating IP address.

This by itself is a problem because nobody intends to search Amazon for sensitive personal information. For instance, someone might search for a file with a Social Security number or with a specific text string that is in no way intended to be read by anyone else. They’re ostensibly searching through their own local file system, after all, and the thought that by default that search string will be sent out to not one, but two, third parties is extremely disturbing.

Further, as Etienne notes, while the query source IP address is proxied, the new feature goes directly to Amazon to download thumbnails and such to display the results. This makes it trivial to match queries with the original IP address — for every single search you do through the Unity Dash. That’s wrong on so many levels, I don’t even know where to start.

Since this mess blew up, Ubuntu has started to backtrack somewhat. There’s a method to uninstall the new feature through the command line (sudo apt-get purge unity-lens-shopping), and very recently, Canonical announced it is working to incorporate this feature into the global privacy manager to allow users to disable this in the GUI, although that appears to have some caveats as well.

But the fact remains that, as of now, Canonical is planning on leaving this poorly conceived and implemented feature in the next release of Ubuntu — and leave it on by default.

There have been times in the past when various changes to distributions and even core open source packages have been poorly received by the community; generally, the community as a whole responds by heading in a different direction. See the X11 versus X.Org situation for an example. I don’t think that integrated Amazon search alone will cause a massive backlash against Ubuntu, but it will definitely give privacy-minded users cause to consider alternatives — and to recommend those alternatives to others.

That by itself is a blemish on Ubuntu’s generally stellar record. But the biggest problem I have with the Amazon debacle is another comment by Shuttleworth: “Don’t trust us? Erm, we have root. You do trust us with your data already.” That level of hubris from the founder of Ubuntu, in the face of what is clearly a bad idea badly implemented, should leave everyone with a bad taste in their mouth. If this idea can make it to the next Ubuntu release, then what other bad ideas are floating around? What’s next? Why should we maintain that trust?

So fine, Mr. Shuttleworth. You have root. But not on my box. Not anymore.

This story, “Ubuntu has a bigger problem than its Amazon blunder,” was originally published at InfoWorld.com. Read more of Paul Venezia’s The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.